[kernel] r17191 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Apr 4 01:04:41 UTC 2011 

Author: dannf
Date: Mon Apr  4 01:04:35 2011
New Revision: 17191

Log:
ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 01:03:25 2011	(r17190)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 01:04:35 2011	(r17191)
@@ -5,6 +5,7 @@
     (CVE-2011-0711)
   * [s390] remove task_show_regs (CVE-2011-0710)
   * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
+  * ldm: corrupted partition table can cause kernel oops (CVE-2011-1012)
 
  -- dann frazier <dannf at debian.org>  Wed, 30 Mar 2011 22:46:26 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch	Mon Apr  4 01:04:35 2011	(r17191)
@@ -0,0 +1,39 @@
+commit 294f6cf48666825d23c9372ef37631232746e40d
+Author: Timo Warns <Warns at pre-sense.de>
+Date:   Fri Feb 25 14:44:21 2011 -0800
+
+    ldm: corrupted partition table can cause kernel oops
+    
+    The kernel automatically evaluates partition tables of storage devices.
+    The code for evaluating LDM partitions (in fs/partitions/ldm.c) contains
+    a bug that causes a kernel oops on certain corrupted LDM partitions.  A
+    kernel subsystem seems to crash, because, after the oops, the kernel no
+    longer recognizes newly connected storage devices.
+    
+    The patch changes ldm_parse_vmdb() to Validate the value of vblk_size.
+    
+    Signed-off-by: Timo Warns <warns at pre-sense.de>
+    Cc: Eugene Teo <eugeneteo at kernel.sg>
+    Acked-by: Richard Russon <ldm at flatcap.org>
+    Cc: Harvey Harrison <harvey.harrison at gmail.com>
+    Cc: <stable at kernel.org>
+    Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.26]
+
+diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
+index 0fdda2e..2ebdde7 100644
+--- a/fs/partitions/ldm.c
++++ b/fs/partitions/ldm.c
+@@ -251,6 +251,11 @@ static bool ldm_parse_vmdb (const u8 *data, struct vmdb *vm)
+ 	}
+ 
+ 	vm->vblk_size     = BE32 (data + 0x08);
++	if (vm->vblk_size == 0) {
++		ldm_error ("Illegal VBLK size");
++		return false;
++	}
++
+ 	vm->vblk_offset   = BE32 (data + 0x0C);
+ 	vm->last_vblk_seq = BE32 (data + 0x04);
+ 

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 01:03:25 2011	(r17190)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 01:04:35 2011	(r17191)
@@ -3,3 +3,4 @@
 + bugfix/all/xfs-zero-proper-structure-size-for-geometry-calls.patch
 + bugfix/s390/remove-task_show_regs.patch
 + bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch
++ bugfix/all/ldm-corrupted-partition-table-can-cause-kernel-oops.patch

More information about the Kernel-svn-changes mailing list